I've looked at Magento but I don't have the time or patience to make sense out of its use of Zend. Seems they have their own framework wrapped around Zend called Mage which is just creating additional indirection for me to struggle with.

Anyways, I'm curious to see how others implement authentication (maybe authorization as well) while using Zend.

1. Submit login FORM to login controller -- which then redirects/forwards you to a dashboard

This much is pretty obvious but during this action I assume you also store a SESSION value indicating access levels (ACL) or userid indicating basic authorization?

The next page refresh, where do you check this SESSION value to determine whether you should redirect to login screen or not?

Obviously this should be centralized as it doesn't make sense to check for a basic SESSION in each controller invoked. Likewise, what about advanced authorization? Do you check permissions/roles/whatever inside each action for really fine-grained access control?

I'd like to see a clean-cut, simple example of a Zend controller action or two which demonstrates what a typical action might look like when generating a full-fledged view for an application, like say phpBB.

If you're going the ACL route, I wrote a plugin a while back that I never really got around to finishing/implementing.

My blog has a series of tutorial level posts on various ZF subjects - all were written within a real development process (me, writing a replacement blog I can hack on without dealing with the procedural crap plaguing the usual blogging platforms).
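
The centralized check asked about above, combined with the ACL route mentioned in the reply, is commonly done in Zend Framework 1 as a front controller plugin. The following is an added example, not code from any poster in this thread; the class name `App_Plugin_AccessCheck`, the role and resource names, the `role` property on the stored identity, and the single-module layout are all assumptions.

```php
<?php
// Added example: assumes Zend Framework 1.x is on the include path.
// App_Plugin_AccessCheck and all role/resource names are hypothetical.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

class App_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    // Runs before every action is dispatched, so no controller repeats the check.
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $auth = Zend_Auth::getInstance();   // identity is kept in session storage by default
        $role = 'guest';                    // least privilege unless the identity says otherwise
        if ($auth->hasIdentity() && isset($auth->getIdentity()->role)) {
            // Assumption: the login action stored an object with a ->role property.
            $role = $auth->getIdentity()->role;
        }
        $resource  = $request->getControllerName();  // resource = controller (one module)
        $privilege = $request->getActionName();      // privilege = action

        // Fail closed: an unknown resource, unknown role or missing rule is a denial.
        $allowed = $this->_acl->has($resource)
            && $this->_acl->hasRole($role)
            && $this->_acl->isAllowed($role, $resource, $privilege);

        if (!$allowed) {
            // Anonymous users go to the login form, authenticated users to a denial page.
            $loggedIn = $auth->hasIdentity();
            $request->setControllerName($loggedIn ? 'error' : 'auth')
                    ->setActionName($loggedIn ? 'denied' : 'login');
        }
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('member'), 'guest')    // member inherits guest rules
    ->addRole(new Zend_Acl_Role('admin'), 'member');
foreach (array('auth', 'error', 'dashboard', 'admin') as $name) {
    $acl->addResource(new Zend_Acl_Resource($name));
}
$acl->allow('guest', array('auth', 'error'));          // login form and error pages
$acl->allow('member', 'dashboard');
$acl->allow('admin', 'admin');
Zend_Controller_Front::getInstance()->registerPlugin(new App_Plugin_AccessCheck($acl));
```

Per-record checks (for example, whether this user may edit this particular post) still belong in the action or model, since the plugin only sees the controller and action names.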
